Try   HackMD

Multisig design for Cosmos SDK (DRAFT)

Things we'd like to have

  • Dynamic members: with enough signatures, the account participants can change its members.
  • Flexible sig power: we want different member structures to be possible (by weight, m-of-n, tiers of members, etc).
  • Many signing algos.
  • Migration of existing multisigs
  • Allow sending messages in behalf of individual members (most likely a separate implementation)

Dynamic members & flexible sig power

We want to allow members of an account to be able to update it with a specific message for it.

message MsgUpdateMembers {
    repeated Member members = 1;
}

message Member {
    bytes pubkey = 1;
    uint64 weight = 2;
}

We'll also want to accept the usual multisig member "structures", I propose we use members weights and threshold to allow these structures without having to code specifically for each one of them. So it will be up to a front end to decide how to show things.

  • m-of-n: All members have the same weight, threshold = m * member_weight
  • by weight: This would be considered like "raw usage"
  • tiered members: Inspired by DAODAO, we can use a frontend to allow different levels of participants that hold different powers depending on an arbitrary off-chain rule.

My idea is that with weight and threshold you could represent almost any kind of multisig. Although I haven't really tested this statement enough.

Many signing algos

We can have a set of supported algos, which would translate in some Authenticate functions.

Desired signatures algorithms:

  • secp256k1
  • BLS
  • ???

Each one of them can have different ways of getting SignBytes, as for example BLS requires that each signature is made to a different message (to be verified by someone that knows more about it).

We could also have different ways of calculating sign bytes, allowing signatures from Metamask for example.

Signature parsing

Each authentication method will have its own way of parsing signatures.

Migration of existing multisigs

We'd need to allow accounts to set their own address for this. Then the MsgInit would need to require existing members signatures, and we'll query the multisig account's sequence and number???.

Haven't give this much thought yet

Allow sending messages in behalf of individual members

This won't be part of the multisig account, as it works too differently. Right now it's more a workaround than a proper design.

There's going to be a type of account abstraction that will be initialized during the init genesis. This account's address will be a known one, and anyone wanting to send a multi-signer message will have to know it (MULTISIGNER_ADDR).

The multisigner will be an abstracted account that can send messages in behalf of other accounts, like a SudoSend (but always performing a signature verification).

To send a multi-signer message, a UserOperation will be assembled with MULTISIGNER_ADDR as the sender.

execution_messages will contain a list of messages signed by different accounts.

authentication_method will contain a list of authentication methods, the length must match execution_messages's length (one auth method for each message).

authentication_data will contain a list of signatures, one for each msg in execution_messages.

For bundler_payment_messages we could either:

  • make the first/last signer in execution_messages sign over this too
  • add another signature to authentication_method that only signs over bundler_payment_messages.

I like the second approach as it will be simpler to do imo, as we treat it as an extension of execution_messages.

Last changed by 
Facundo Medica
0
95

Read more

Using on-chain multisigs on Cosmos SDK

In this article we'll go over the creation of a multisig wallet, and how to perform some actions with it.

May 29, 2024
x/consensus v2

x/consensus v2

Jan 22, 2024
Summary

This is a proposal to fund a core development and testing package on the Cosmos Hub for 2024. The teams that would receive funding if this proposal passes are the Cosmos Hub Teams from Informal Systems and Hypha Worker Co-operative. The total budget is $5.7 million USD (to be held in 30% ATOM, 70% USDC), plus 100k ATOM in performance bonuses, for a total of 914,285.71 using a spot price of 7 USD. This funding would replace both teams’ current funding from the Interchain Foundation and have these teams be directly accountable to the community. As of October 26, 2023, this represents approximately 18% of the community pool. Notes: - ATOM values have been calculated using a spot price of $7 USD as of October 26, 2023. - This budget only covers the teams at Hypha and Informal that work specifically on the Cosmos Hub. - The ATOM total requested from the community pool includes a 25% buffer on the budget amount to cover fluctuation in ATOM price over the 2-week voting period. Any unused buffer will be returned to the community pool. This proposal is summarized by the following propositions: (1) The release of 1,117,857.14 ATOM to finance:

Dec 13, 2023
x/accounts for dummies

x/accounts allows us to create new account types that can go from very basic to very complex. Accounts can have their own store (not by account type but by account) and ways of executing messages and authenticating the sender.

Dec 1, 2023
Read more from Facundo Medica
Published on HackMD